# Contributor: Stuart Cardall <developer@it-offshore.co.uk>
# Maintainer: Stuart Cardall <developer@it-offshore.co.uk>
pkgname=tinyssh
pkgver=20230101
pkgrel=3
pkgdesc="Small SSH server using NaCl / TweetNaCl (no dependency on OpenSSL)"
url="https://tinyssh.org/"
license="CC0-1.0"
arch="all !riscv64"
_openrc_deps="s6-networking"
makedepends="libsodium-dev"
options="!check"
subpackages="$pkgname-doc $pkgname-openrc"
source="$pkgname-$pkgver.tar.gz::https://github.com/janmojzis/tinyssh/archive/$pkgver.tar.gz
	implementation-kex-strict-s-v00-at-openssh.com.patch
	$pkgname.initd
	$pkgname.confd
	"

# secfixes:
#   20230101-r3:
#     - CVE-2023-48795

build() {
	export LIBS="-lsodium"
	export CFLAGS="$CFLAGS -I/usr/include/sodium"
	export LDFLAGS="$LDFLAGS -L/usr/lib"
	make
}

check() {
	make check
}

package() {
	make install DESTDIR="$pkgdir"

	mkdir -p "$pkgdir"/etc/$pkgname
	install -m755 -D "$srcdir"/$pkgname.initd \
		"$pkgdir"/etc/init.d/tinysshd
	install -m644 -D "$srcdir"/$pkgname.confd \
		"$pkgdir"/etc/conf.d/tinysshd

	# post-install message
	mkdir -p "$pkgdir/usr/share/doc/$pkgname"
	cat > $pkgdir/usr/share/doc/$pkgname/README.alpine <<EOF
TinySSH can be run in 3 different ways:
--------------------------------------
(1) /etc/init.d/tinysshd (requires tcpserver & takes care of key generation)

(2) via inetd (you will need to 'tinysshd-makekeys <dir>' manually):

echo '22 stream tcp nowait root /usr/sbin/tinysshd tinysshd -l -v /etc/tinyssh/sshkeys' >> /etc/inetd.conf
rc-service inetd start

(3) Using runit with either (1) or (2)

Stealth SSH with FWKNOP: https://it-offshore.co.uk/security/53-stealth-your-ssh-port-ssh-into-lxc-containers
EOF
}

openrc() {
	default_openrc
	depends="$_openrc_deps"
}

sha512sums="
6beaf266058a89a78c710abd1a02feff0641a93d0d92aa07a1ad1ba3f6b3344bc312bb5a4cd5c06c6dcc83d25e48a801f9cfcfbb3de0f73904f36d32d4430482  tinyssh-20230101.tar.gz
ab3925164e8de4cf5e4124e577b4915df946ebb93b9b949645fe5db3ab451a77dd498455232609e7861154d0f74536bded9858476abbfa50cee8c95cd8b3758a  implementation-kex-strict-s-v00-at-openssh.com.patch
d25f2d80f360528aaf7956ef6d257b09692c22de10e70c7eed132253c3903297269ff60f948f57a587fcd677fa9207b59715c54f257a777c95cc497570d21b56  tinyssh.initd
7c6282a6ae972d83d3e624530cac4958adee1e2313d0e44aff38c94bde1a3f549a536ec80e594d44c29a6a981919dd30322e8d8511626fdb6493c98587047392  tinyssh.confd
"
